Hi Sylvain,
On Feb 19, 2011, at 10:18 AM, Sylvain Galineau wrote:
> Thinking about this a little more, and since the web's
> consistency has been brought up several times lately,
> it is probably worth elaborating upon.
>
> The reason From-origin:same will be set on licensed
> commercial fonts hosted by the licensee has nothing to do
> with 'the web'. As such, the so-called exception for font
> resources will occur at run-time on the web whatever browser
> vendors do. So the issue is not really about 'the web', it's
> a simple practical one: given that this header value will
> have to be set so often for font resources, where/when is
> it easiest and cheapest to set it ?
This argument (and Vladimir's similar one) assumes that today's popular forms of commercial font licenses are not only the common case today, but will be the common case for as long as the Web exists. I don't have evidence that this assumption wrong. But what's our level of confidence in this assumption? 90%? 99%? I think it would take a high degree of confidence to rebut the default assumption of consistency.
In fairness, Mozilla's argument isn't based on such an assumption, rather, Robert O'Callahan and others argue that default-denying embedding is a better model for resource access than default-allowing it, and should be changed for "all future resource types" (currently fonts are the only known or projected example). Mozilla folks seem to feel that applying the better model to a subset of types is more valuable than a consistent, but slightly suboptimal model. I think that is a reasonable argument, but I disagree about the balance of tradeoffs.
Regards,
Maciej